File name: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe

Full analysis: https://app.any.run/tasks/c8812949-40f5-4534-aca8-32d524850935
Verdict: Malicious activity
Analysis date: July 22, 2024, 13:07:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
crypto-regex
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 3955735D17A2A01DDD36EFB72AA7FCAB
SHA1: F55F6215B38E032FFBB5288BEB64896C9899B045
SHA256: FB4263ECA19774C61A1363713774641B6D079AAD2A053AEC9EA0832E153F652F
SSDEEP: 98304:tgIjhewfnbTAyAB+Wj+mxbZRhjgVFkprEXBW9WT0kCBKRfvJZv8fbgFWM4j5tV8J:S5k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 7628)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 1540)
    • Create files in the Startup directory

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7612)
    • Executable content was dropped or overwritten

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 7628)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 1540)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
    • Reads security settings of Internet Explorer

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7612)
      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.Console.exe (PID: 1348)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Reads the Windows owner or organization settings

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
    • Uses TASKKILL.EXE to kill process

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
    • Process drops legitimate windows executable

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
    • Checks Windows Trust Settings

      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.Console.exe (PID: 1348)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Executes as Windows Service

      • DCA.Edge.Console.exe (PID: 6668)
    • Searches for installed software

      • DCA.Edge.Console.exe (PID: 6668)
    • Found regular expressions for crypto-addresses (YARA)

      • DCA.Edge.TrayIcon.exe (PID: 3408)
  • INFO

    • Reads the computer name

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7612)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.Console.exe (PID: 1348)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Checks supported languages

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7612)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 7628)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 1540)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.Console.exe (PID: 1348)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Create files in a temporary directory

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 7628)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe (PID: 1540)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
    • Process checks computer location settings

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7612)
    • Checks proxy server information

      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
    • Reads the machine GUID from the registry

      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.Console.exe (PID: 1348)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Reads the software policy settings

      • DCA.Edge.Console.exe (PID: 5184)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.Console.exe (PID: 1348)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Creates files or folders in the user directory

      • DCA.Edge.Console.exe (PID: 5184)
    • Creates files in the program directory

      • DCA.Edge.Console.exe (PID: 5184)
      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
      • DCA.Edge.Console.exe (PID: 6668)
    • Creates a software uninstall entry

      • ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp (PID: 7604)
    • Reads Environment values

      • DCA.Edge.TrayIcon.exe (PID: 3408)
      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
    • Disables trace logs

      • DCA.Edge.Console.exe (PID: 6668)
      • DCA.Edge.TrayIcon.exe (PID: 5444)
      • DCA.Edge.TrayIcon.exe (PID: 3408)
    • Manual execution by a user

      • DCA.Edge.TrayIcon.exe (PID: 5444)
      • notepad.exe (PID: 4440)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 360448
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.5.8.9518
ProductVersionNumber: 1.5.8.9518
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: ECI Software Solutions, Inc.
FileDescription: ECI DCA Setup
FileVersion: 1.5.8.9518
LegalCopyright: ©2016-2024 ECI Software Solutions, Inc.
ProductName: ECI DCA
ProductVersion: 1.5.8.9518
No data.
All screenshots are available in the full report
Total processes
158
Monitored processes
20
Malicious processes
5
Suspicious processes
1

Behavior graph

Processes shown in the graph, in order from start: eci dca 1.5.8.9518 [h5lns9337tz8].exe; eci dca 1.5.8.9518 [h5lns9337tz8].tmp (no specs); eci dca 1.5.8.9518 [h5lns9337tz8].exe; eci dca 1.5.8.9518 [h5lns9337tz8].tmp; taskkill.exe (no specs); conhost.exe (no specs); taskkill.exe (no specs); conhost.exe (no specs); slui.exe (no specs); dca.edge.console.exe; conhost.exe (no specs); sc.exe (no specs); sc.exe (no specs); THREAT: dca.edge.trayicon.exe (no specs); dca.edge.console.exe (no specs); conhost.exe (no specs); dca.edge.console.exe; dca.edge.trayicon.exe (no specs); rundll32.exe (no specs); notepad.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 380
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1348
CMD: "C:\Program Files (x86)\ECI DCA\DCA.Edge.Console.exe" start-service
Path: C:\Program Files (x86)\ECI DCA\DCA.Edge.Console.exe
Parent process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
User:
admin
Company:
ECI Software Solutions, Inc
Integrity Level:
HIGH
Description:
ECI DCA
Exit code:
0
Version:
1.5.8.9518
Modules
Images
c:\program files (x86)\eci dca\dca.edge.console.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 1540
CMD: "C:\Users\admin\AppData\Local\Temp\ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe" /SPAWNWND=$402B4 /NOTIFYWND=$60246
Path: C:\Users\admin\AppData\Local\Temp\ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe
Parent process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
User:
admin
Company:
ECI Software Solutions, Inc.
Integrity Level:
HIGH
Description:
ECI DCA Setup
Exit code:
0
Version:
1.5.8.9518
Modules
Images
c:\users\admin\appdata\local\temp\eci dca 1.5.8.9518 [h5lns9337tz8].exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2252
CMD: "taskkill.exe" /f /t /im DCA.Edge.TrayIcon.exe
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2632
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3408
CMD: "C:\Program Files (x86)\ECI DCA\DCA.Edge.TrayIcon.exe"
Path: C:\Program Files (x86)\ECI DCA\DCA.Edge.TrayIcon.exe
Parent process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
User:
admin
Company:
ECI Software Solutions, Inc
Integrity Level:
MEDIUM
Description:
ECI DCA Service Monitor
Version:
1.5.8.9518
Modules
Images
c:\program files (x86)\eci dca\dca.edge.trayicon.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 3672
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 4440
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\ProgramData\ECI DCA\logs\dca.log
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 5184
CMD: "C:\Program Files (x86)\ECI DCA\DCA.Edge.Console.exe" config --config "C:\ProgramData\ECI DCA\dca.config" --installer "C:\Users\admin\AppData\Local\Temp\ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe" --install-service
Path: C:\Program Files (x86)\ECI DCA\DCA.Edge.Console.exe
Parent process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
User:
admin
Company:
ECI Software Solutions, Inc
Integrity Level:
HIGH
Description:
ECI DCA
Exit code:
0
Version:
1.5.8.9518
Modules
Images
c:\program files (x86)\eci dca\dca.edge.console.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 5444
CMD: "C:\Program Files (x86)\ECI DCA\DCA.Edge.TrayIcon.exe"
Path: C:\Program Files (x86)\ECI DCA\DCA.Edge.TrayIcon.exe
Parent process: explorer.exe
User:
admin
Company:
ECI Software Solutions, Inc
Integrity Level:
MEDIUM
Description:
ECI DCA Service Monitor
Version:
1.5.8.9518
Modules
Images
c:\program files (x86)\eci dca\dca.edge.trayicon.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
Total events
33 270
Read events
33 176
Write events
88
Delete events
6

Modification events

Process: (7604) ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: B41D0000C0D5CA2838DCDA01

Process: (7604) ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 629EC45047C313BE04991E6614B64726F88F86A5E6DE96ADCC8D4883046292EC

Process: (7604) ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

Process: (7604) ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files (x86)\ECI DCA\Abot.dll

Process: (7604) ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 21BBA3D448A738DBAEB098AC5CBB0A36B9E89E1E8849D5911E24459FE3B76403

Process: (5184) DCA.Edge.Console.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (5184) DCA.Edge.Console.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (5184) DCA.Edge.Console.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (5184) DCA.Edge.Console.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (5184) DCA.Edge.Console.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ECI DCA
Operation: write
Name: EventMessageFile
Value: C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
Executable files
98
Suspicious files
10
Text files
6
Unknown types
6

Dropped files

PID
Process
Filename
Type
PID: 7628
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe
Filename: C:\Users\admin\AppData\Local\Temp\is-BV4AQ.tmp\ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Type: executable
MD5: D7F407EB70E556046727F813E0FF38BF
SHA256: FE44F83A2BC6B9E549284B64CB70C1E31575657CE4BDFB1485487BBBB8DCFEBE

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Program Files (x86)\ECI DCA\is-ORAPP.tmp
Type: executable
MD5: 14DA5BFCD0E595C9234A1E14E24FA512
SHA256: F95D4AC735CD2B13D7BC4614FB3D835200559CB1AB30B81AB79B35FFA74817AB

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Program Files (x86)\ECI DCA\is-PO1QV.tmp
Type: executable
MD5: D7F407EB70E556046727F813E0FF38BF
SHA256: FE44F83A2BC6B9E549284B64CB70C1E31575657CE4BDFB1485487BBBB8DCFEBE

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-1SGPF.tmp\idp.dll
Type: executable
MD5: 55C310C0319260D798757557AB3BF636
SHA256: 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-1SGPF.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Program Files (x86)\ECI DCA\unins000.exe
Type: executable
MD5: D7F407EB70E556046727F813E0FF38BF
SHA256: FE44F83A2BC6B9E549284B64CB70C1E31575657CE4BDFB1485487BBBB8DCFEBE

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Program Files (x86)\ECI DCA\CommandLine.dll
Type: executable
MD5: 53FB22B2B1726EBDE42C5F2CC921055A
SHA256: C13F3009E6619BDD07C3BC7FD60DF0721144258C2DC0772B330ECEDCD098F266

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Program Files (x86)\ECI DCA\is-QB285.tmp
Type: executable
MD5: F9EC1D09FA0800597C4767C149604A7B
SHA256: 29A9B60D94C569DB0CCFAE726D8FF38185815C957FA05D105913F36757F28847

PID: 1540
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].exe
Filename: C:\Users\admin\AppData\Local\Temp\is-81CRT.tmp\ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Type: executable
MD5: D7F407EB70E556046727F813E0FF38BF
SHA256: FE44F83A2BC6B9E549284B64CB70C1E31575657CE4BDFB1485487BBBB8DCFEBE

PID: 7604
Process: ECI DCA 1.5.8.9518 [H5LNS9337TZ8].tmp
Filename: C:\Program Files (x86)\ECI DCA\is-J40VC.tmp
Type: executable
MD5: E5EAF0BFFF61A4C27C2D53B555F66E5E
SHA256: E82214986F6F7C82B8749907099799F4ADFC8C62929A6A1FE82C3B31676C4F53
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
40
DNS requests
27
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5184
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
5184
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
5184
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA98u5eOYdBR7R%2Fa5LSCbuo%3D
unknown
whitelisted
6668
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6668
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA98u5eOYdBR7R%2Fa5LSCbuo%3D
unknown
whitelisted
6668
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
5620
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4716
svchost.exe
40.126.31.73:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2760
svchost.exe
40.113.103.199:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7856
svchost.exe
4.209.32.198:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2720
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7856
svchost.exe
4.209.33.156:443
licensing.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
5184
DCA.Edge.Console.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6668
DCA.Edge.Console.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 20.73.194.208
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.0
  • 20.190.159.71
  • 20.190.159.23
  • 20.190.159.68
  • 20.190.159.64
  • 20.190.159.4
  • 40.126.31.67
whitelisted
google.com
  • 142.250.186.110
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
licensing.mp.microsoft.com
  • 4.209.33.156
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted
www.bing.com
  • 2.23.209.174
  • 2.23.209.179
  • 2.23.209.168
  • 2.23.209.178
  • 2.23.209.176
  • 2.23.209.180
  • 2.23.209.175
  • 2.23.209.167
  • 2.23.209.171
  • 184.86.251.31
  • 184.86.251.9
  • 184.86.251.10
  • 184.86.251.5
  • 184.86.251.15
  • 184.86.251.16
  • 184.86.251.4
  • 184.86.251.14
  • 184.86.251.28
whitelisted
updates.printfleetcdn.com
  • 18.194.190.64
unknown

Threats

Found threats are available for the paid subscriptions
1 ETPRO signatures available at the full report
No debug info